Bank of Spain Raises Alarm Against Phishing

The Bank of Spain has recently released statistics of computer users' complaints and retrievals due to alleged irregularities by banks in Spain during 2007. The statistics highlighted that most of the complaints were related to customers who were victims of phishing.

As security researchers and analysts define phishing, it is an act of sending a fake e-mail that purports to be from a legitimate and reputable organization in an effort to trick the user and get him to surrender his personal information to be subsequently used in identity fraud.

Meanwhile, as per the reports by the Bank of Spain, it received a total number of 5,736 written complaints and retrievals in 2007, a rise of 4.8% over 2006. Thus, as per the country's cyber laws, the bank was asked to compensate its unsatisfied customers who were justified to reclaim an aggregate amount of 1.4 Million Euros.

In light of this, the Bank of Spain has urged its customers not to answer any e-mail that poses to be from the bank. It has also reminded them that no bank ever requests for users' private details online.

Also, according to the bank, users must not open links that are given in phishing or spoofed e-mails as they might create trouble not only in the form of their private information being exposed to the scammers but also entering malware into their systems, allowing unauthorized people to take over the control of the system.

Another important suggestion from banking institutions to counter phishing attacks is that instead of accessing the bank's Website through a link, type the site's URL in the Web browser's address bar as it is more secure.

And while the Bank of Spain warns against phishing attacks, security specialists and analysts from different security companies repeatedly tell users to be more careful while banking online and do not get trapped into the phishers' ploys. According to these experts, all phishing scams related to banks follow the same conventional method of creating a fake Website and directing victims to login, so that his/her private information could be secretly captured.